AMENDMENTS TO THE CLAIMS 



1. (Currently Amended) A method for dynamically tracking a user session 
in order to authenticate and authorize a computer user to a plurality of separately 
secured remote applications, the method comprising the steps of: 

a. storing security information for a plurality of computer users in a user 
profile database; 

b. the user launching a first secured computer application on an application 
server; 

c. receiving login information from the computer user at an authorization 
server coupled with the user profile database [[login information from the computer user 
who has launched a computer application]]; 

[[c.]] d. in response to step [[b]] c, creating a Session ID for the computer user 
with the authorization server; 

[[d.]] e. storing at least a portion of the Session ID on the user's computer; 

[[e.]] f. also in response to step [[b]] c, creating an object associated with the 
computer user or the Session ID; 

[[f.]] g. storing the object dynamically in a directory stored in a directory server 
coupled with the authorization server and the application server; 

[[g.]] h. copying at least some of the security information relating to the 
computer user from the user profile database to the object in the directory; 

[[h.]] i. comparing the log-in information entered by the computer user to the 
security information for the computer user and allowing the computer user access to 
the [[launched]] first secured computer application if the user is an authenticated or 
authorized user of the first secured computer application; 

j. the user launching a second separately-secured computer application on 
an application server; 

[[i.]] k. [[permitting other]] the second separately-secured computer [[applications 
launched by the computer user to reference]] application reading the Session ID on the 
user's computer; and 

[[j.]] l. the [[other]] second separately-secured computer applications accessing the 
object for the computer user on the directory server in response to the Session ID to 
authenticate or authorize the user for the [[other]] second separately-secured computer 
applications. 

2. (Original) The method as set forth in claim 1, the security information 
including authentication and authorization information. 



3. (Original) The method as set forth in claim 2, the authentication and 
authorization information including at least one of the following: user names, user 
IDs, passwords, public-key data, certificates, and access control information. 

4. (Currently Amended) The method as set forth in claim 1, the Session ID 
being based on at least one of the following: a date on which the computer user 
launched the first secured computer application; a time in which the computer user 
launched the first secured computer application; a TCP/IP address of the computer 
user; and a user name of the computer user. 

5. (Original) The method as set forth in claim 1, further including the steps 
of creating a shopping cart and storing the shopping cart along with the object in the 
directory. 

6. (Original) The method as set forth in claim 5, further including the steps 
of allowing the user to select items to be purchased and storing information relating to 
the selected items in the shopping cart. 

7. (Currently Amended) A system for dynamically tracking a user session 
in order to authenticate and authorize a computer user to a plurality of separately 
secured remote applications, the system comprising: 

a user profile database for storing security information for a plurality of 
computer users; 

an authorization server coupled with the user profile database for receiving 
log-in information from a computer user who has launched a first secured computer 
application, for creating a Session ID for the computer user, for storing at least a 
portion of the Session ID on the user's computer and for creating an object associated 
with the computer user or the Session ID; and 

a directory stored in a directory server coupled with the authorization server 
for dynamically storing the object created by the authorization server, 

the authorization server being further operable for copying at least some of 
the security information relating to the computer user from the user profile database to 
the object in the directory, comparing log-in information entered by the computer user 
to the security information for the computer user and allowing the computer user 
access to the launched first secured computer application if the user is an authenticated 
or authorized user of the computer application, 

the directory server permitting other separately-secured computer 
applications launched by the computer user to reference the Session ID read by the 
separately-secured computer applications on the user's computer so that the other 
separately-secured computer applications may access the object for the computer user 
on the directory server to authenticate or authorize the user for the other separately- 
secured computer applications. 

8. (Original) The system as set forth in claim 7, the security information 
including authentication and authorization information. 

9. (Original) The system as set forth in claim 8, the authentication and 
authorization information including at least one of the following: user names, user 
IDs, passwords, public-key data, certificates, and access control information. 

10. (Currently Amended) The system as set forth in claim 7, the Session ID 
being based on at least one of the following: a date on which the computer user 
launched the first secured computer application; a time in which the computer user 
launched the first secured computer application; a TCP/IP address of the computer 
user; and a user name of the computer user. 

11. (Previously Presented) The system as set forth in claim 1, the directory 
server being further operable for creating a shopping cart and storing the shopping cart 
along with the object in the directory. 

12. (Previously Presented) The system as set forth in claim 11, the 
directory server being further operable for allowing the user to select items to be 
purchased and storing information relating to the selected items in the shopping cart. 

13-20. (Canceled) 

21. (Previously Presented) The method as set forth in claim 1, wherein the 
other computer applications access the object on the directory server using a dynamic 
directory service. 

22. (Previously Presented) The method as set forth in claim 21, wherein 
the dynamic directory service comprises the lightweight directory access protocol 
(LDAP). 

23. (Previously Presented) The method as set forth in claim 21, wherein 
the dynamic directory service comprises the X.500 access protocol. 

24. (Previously Presented) The system as set forth in claim 7, wherein the 
other computer applications access the object on the directory server using a dynamic 
directory service. 

25. (Previously Presented) The system as set forth in claim 24, wherein the 
dynamic directory service comprises the lightweight directory access protocol 
(LDAP). 



26. (Previously Presented) The system as set forth in claim 24, wherein the 
dynamic directory service comprises the X.500 access protocol. 

27. (New) A method of authenticating and authorizing a user to a plurality 
of separately-secured computer applications, the method comprising the steps of: 

the user remotely launching a first secured computer application from a user 
computer; 

authenticating and authorizing the user to the first secured computer 
application by exchanging security information between the user and an authorization 
server; 

storing at least a portion of the security information in an object within a 
dynamic directory on a directory server; 

storing a link to the object on the user computer; 

the user remotely launching a second separately-secured computer 
application on an application server; 

retrieving the link; and 

authenticating and authorizing the user to the second separately-secured 
computer application by exchanging the stored security information between the 
directory server and the application server. 

28. (New) The method of claim 27 wherein the exchanging of security 
information between the directory server and the application server employs a dynamic 
directory service. 

29. (New) The method of claim 27 wherein the security information 
includes a Session ID that is stored in the object and in the link. 

30. (New) The method of claim 27 further comprising the steps of: 

one of the secured computer applications storing application data in the 
object; and 

the other one of the secured computer applications retrieving the application 
data according to the link. 

31. (New) The method of claim 30 wherein the one of the secured 
computer applications is a shopping application, wherein the stored application data is 
comprised of shopping cart information; and wherein the other one of the secured 
computer applications is a check-out application. 

32. (New) A system for authenticating and authorizing a user remotely 
launching secured computer applications from a user computer, the system 
comprising: 

an authorization server for authenticating and authorizing the user to the 
secured computer applications by exchanging security information between the user 
and the authorization server when a first secured computer application is launched by 
the user; 

a directory server storing at least a portion of the security information in an 
object within a dynamic directory, wherein a link to the object is stored on the user 
computer; and 

an application server implementing a second separately-secured computer 
application for remote launching by the user, wherein the second separately-secured 
computer application retrieves the link, and wherein the user is authenticated and 
authorized to the second separately-secured computer application by exchanging the 
stored security information between the directory server and the application server. 

33. (New) The system of claim 32 wherein the exchanging of security 
information between the directory server and the application server employs a dynamic 
directory service. 

34. (New) The system of claim 32 wherein the security information 
includes a Session ID that is stored in the object and in the link. 

35. (New) The system of claim 32 wherein one of the secured computer 
applications stores application data in the object, and wherein the other one of the 
secured computer applications retrieves the application data according to the link. 

36. (New) The system of claim 35 wherein the one of the secured 
computer applications is a shopping application, wherein the stored application data is 
comprised of shopping cart information; and wherein the other one of the secured 
computer applications is a check-out application. 